> -----Original Message----- > From: Dirk-Willem van Gulik [mailto:di...@webweaving.org] > Sent: Saturday, November 07, 2009 12:28 AM > To: dev@httpd.apache.org > Subject: Re: TLS renegotiation attack, mod_ssl and OpenSSL > > +1 from me. (FreeBSD, Solaris). Test with and without certs (firefox, > safari, openssl tool). Tested with renegotion break script openssl.
Can I just verify what is supposed to happen with the break script test? I have built 2.2.14 with 0.9.8l on Solaris 10. I do: $ openssl -connect wibble:443 ... GET / HTTP/1.1 =20 Host:wibble R RENEGOTIATING Then the connection hangs and I get no further data back from the server. On http://wibble/server-status, I see: 6-0 17718 0/1/1 R 0.14 31 90 0.0 0.00 0.00 ? ? ..reading.. Is this the intended behaviour? I thought it was supposed to drop the connection? Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. The sender's company reserves the right to monitor all e-mail communications through their networks.